admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d1fec72a32ded2a38bdd1ab9e27631f4347e7d31
kubesphere/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas.go
Eng Zer Jun d1fec72a32 refactor: move from io/ioutil to io and os packages (#5266) 
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

[1]: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-10-18 15:47:38 +08:00

155 lines
4.1 KiB
Go
Raw Blame History

/*
Copyright 2020 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package aliyunidaas
import (
"encoding/json"
"errors"
"io"
"net/http"
"github.com/mitchellh/mapstructure"
"golang.org/x/oauth2"
"kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider"
"kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth"
)
func init() {
identityprovider.RegisterOAuthProvider(&idaasProviderFactory{})
}
type aliyunIDaaS struct {
// ClientID is the application's ID.
ClientID string `json:"clientID" yaml:"clientID"`
// ClientSecret is the application's secret.
ClientSecret string `json:"clientSecret" yaml:"clientSecret"`
// Endpoint contains the resource server's token endpoint
// URLs. These are constants specific to each server and are
// often available via site-specific packages, such as
// google.Endpoint or github.Endpoint.
Endpoint endpoint `json:"endpoint" yaml:"endpoint"`
// RedirectURL is the URL to redirect users going through
// the OAuth flow, after the resource owner's URLs.
RedirectURL string `json:"redirectURL" yaml:"redirectURL"`
// Scope specifies optional requested permissions.
Scopes []string `json:"scopes" yaml:"scopes"`
Config *oauth2.Config `json:"-" yaml:"-"`
}
// endpoint represents an OAuth 2.0 provider's authorization and token
// endpoint URLs.
type endpoint struct {
AuthURL string `json:"authURL" yaml:"authURL"`
TokenURL string `json:"tokenURL" yaml:"tokenURL"`
UserInfoURL string `json:"userInfoURL" yaml:"userInfoURL"`
}
type idaasIdentity struct {
Sub string `json:"sub"`
OuID string `json:"ou_id"`
Nickname string `json:"nickname"`
PhoneNumber string `json:"phone_number"`
OuName string `json:"ou_name"`
Email string `json:"email"`
Username string `json:"username"`
}
type userInfoResp struct {
Success bool `json:"success"`
Message string `json:"message"`
Code string `json:"code"`
IDaaSIdentity idaasIdentity `json:"data"`
}
type idaasProviderFactory struct {
}
func (f *idaasProviderFactory) Type() string {
return "AliyunIDaaSProvider"
}
func (f *idaasProviderFactory) Create(options oauth.DynamicOptions) (identityprovider.OAuthProvider, error) {
var idaas aliyunIDaaS
if err := mapstructure.Decode(options, &idaas); err != nil {
return nil, err
}
idaas.Config = &oauth2.Config{
ClientID: idaas.ClientID,
ClientSecret: idaas.ClientSecret,
Endpoint: oauth2.Endpoint{
AuthURL: idaas.Endpoint.AuthURL,
TokenURL: idaas.Endpoint.TokenURL,
AuthStyle: oauth2.AuthStyleAutoDetect,
},
RedirectURL: idaas.RedirectURL,
Scopes: idaas.Scopes,
}
return &idaas, nil
}
func (a idaasIdentity) GetUserID() string {
return a.Sub
}
func (a idaasIdentity) GetUsername() string {
return a.Username
}
func (a idaasIdentity) GetEmail() string {
return a.Email
}
func (a *aliyunIDaaS) IdentityExchangeCallback(req *http.Request) (identityprovider.Identity, error) {
// OAuth2 callback, see also https://tools.ietf.org/html/rfc6749#section-4.1.2
code := req.URL.Query().Get("code")
ctx := req.Context()
token, err := a.Config.Exchange(ctx, code)
if err != nil {
return nil, err
}
resp, err := oauth2.NewClient(ctx, oauth2.StaticTokenSource(token)).Get(a.Endpoint.UserInfoURL)
if err != nil {
return nil, err
}
data, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var UserInfoResp userInfoResp
err = json.Unmarshal(data, &UserInfoResp)
if err != nil {
return nil, err
}
if !UserInfoResp.Success {
return nil, errors.New(UserInfoResp.Message)
}
return UserInfoResp.IDaaSIdentity, nil
}
Reference in New Issue View Git Blame Copy Permalink